1 Reply Latest reply on Aug 16, 2002 2:27 PM by jleech

Accessing Method Permissions

billahome Aug 8, 2002 6:43 PM

I want to do permission checking prior to making an EJB request. The goal here is to set up the GUI so that only the options that the user has access to can be displayed.

EJBContext provides getCallerPrincipal to get the user, and isCallerInRole to provide info on which roles the user can take on. But there is no obvious way to get to the method permissions - the last piece of the puzzle.

Any suggestions?

Bill Alexander

1. Re: Accessing Method Permissions

jleech Aug 16, 2002 2:27 PM (in response to billahome)

Securing web pages has a similar problem. You can define permissions to be required for url patterns in the web.xml, but there is no way in the API to ask what permissions are required for a particular URL. The guys at Sun indicated to me that was coming in a future version of the Servlet spec.
Actions